WPA2-Enterprise uses 802.1X to facilitate authentication, but when and how is CCMP/AES used to encrypt the data after the authentication is completed?

Let us say you want to use PEAP, and the TLS tunnel is established after the RADIUS server presents its certificate. Does this tunnel close after the 802.1X port is opened, and AES takes over? Also, if AES takes over, what is used as the key?

1 Answer

PEAP is an authentication protocol which reuses TLS to establish a secure sort-of tunnel between the client and the authentication server. Nominally, SSL/TLS uses a bidirectional full-duplex transport medium (such as a TCP connection) and provides a bidirectional full-duplex tunnel. However, the initial parts of SSL/TLS (the "handshake") can be expressed as messages where each involved party knows, at any time, who should speak next. Thus, this handshake can be mapped to a request-response transport medium, and that's what PEAP does.

There is a nice overview schema on the Wikipedia page. The supplicant (i.e. the client system, aka your laptop) talks to the authentication server through EAP frames which are relayed by the access point. These EAP frames contain, for PEAP, a streamlined TLS handshake, which is then used to convey the credentials (usually, user name and password) from the supplicant to the authentication server; moreover, the "master secret" which is obtained through the TLS handshake is used as one of the sources for the derivation of a new key which is given to the client and the access point. See the EAP-TLS draft (section 2.5) for details.

The whole thing is complex (in my opinion, quite more complex than what it would need to be) but the core idea is that the authentication protocol is encapsulated in EAP frames and results in an authenticated symmetric key (here, the authentication protocol reuses parts of TLS). Then the symmetric key is used for encryption between the supplicant and the access point, with AES (in CCM mode), completely outside of TLS; the TLS handshake performed within the authentication protocol has played its role, and that TLS tunnel is no longer used.
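The key chain the answer describes, as an added worked example that is not part of the answer above: the TLS master secret is expanded into the MSK with the EAP-TLS PRF (RFC 5216 section 2.3, TLS 1.2 PRF), the PMK is its first 32 bytes, and the 802.11 4-way handshake expands the PMK into the PTK whose last 16 bytes (TK) are the CCMP/AES key. The master secret, TLS randoms, MAC addresses and nonces are constructed sample values, not captured data.

```python
import hmac
import hashlib


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256 over label || seed."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(A(i) || seed)
    return out[:length]


def eap_tls_msk(master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """MSK (RFC 5216 section 2.3): first 64 bytes of PRF(master_secret, "client EAP encryption", randoms)."""
    return tls12_prf(master_secret, b"client EAP encryption", client_random + server_random, 64)


def prf_80211(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """IEEE 802.11 PRF-X: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    for i in range((length + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:length]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """4-way handshake PTK (CCMP: 384 bits = KCK || KEK || TK); the ordering makes both sides agree."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_80211(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def derive_ccmp_keys(master_secret, client_random, server_random, aa, spa, anonce, snonce):
    """Full chain: TLS master secret -> MSK -> PMK (RADIUS hands this to the AP) -> PTK -> TK for AES-CCM."""
    pmk = eap_tls_msk(master_secret, client_random, server_random)[:32]
    return pmk, derive_ptk(pmk, aa, spa, anonce, snonce)


if __name__ == "__main__":
    # Constructed sample inputs, standing in for real handshake values.
    pmk, keys = derive_ccmp_keys(bytes(range(48)), b"\x11" * 32, b"\x22" * 32,
                                 bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
                                 b"\x33" * 32, b"\x44" * 32)
    print("PMK:", pmk.hex())
    print("TK (CCMP key):", keys["TK"].hex())
```

Once the TK exists, every data frame is protected with AES-CCM under it; the TLS state that produced the master secret is never consulted again.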